
~ Rapport de ZHPDiag v2013.12.1.4 - Nicolas Coolman (01/12/2013)
~ Lancé par Doudou (02/12/2013 20:38:00)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16736 (Defaut)
MFIE: Mozilla Firefox 25.0.1

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 4VRD6
Windows License : OK
~ Windows Remaining Initializations Number : 998
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
McAfee Internet Security v12.8.856
McAfee Security Scan Plus v3.8.130.10
Windows Defender W8

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3981 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 318 GB (85%) free of 373 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DOUDOU
~ User Name: Doudou
~ All Users Names: UpdatusUser, Doudou, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Doudou\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Doudou\AppData\Roaming\
~ %Desktop% : C:\Users\Doudou\Desktop\
~ %Favorites% : C:\Users\Doudou\Favorites\
~ %LocalAppData% : C:\Users\Doudou\AppData\Local\
~ %StartMenu% : C:\Users\Doudou\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 318 Go of 373 Go)
D: Hard drive, Flash drive, Thumb drive (Free 537 Go of 538 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.9706C99DAEBE3FEAC811B239617E98C4] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/10/2013 - 09:45:20.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.27/11/2012 - 13:56:51.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/8
~ Mon Bureau (My Desktop) : 1/7
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.C6D3BB61E24F66EB976C6CC55346B5F2] - (.ASUS - ASUS InstantOn.) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [1196416] [PID.7492]
[MD5.97432AB9F1B3B3E63E778C1E69E71E91] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1124032] [PID.7732]
[MD5.C570FD825751F7805CE226F68C4605DE] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [54488] [PID.9332]
[MD5.C81E206D2DDBD18396506C2978F2C6BA] - (...) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [171224] [PID.8604]
[MD5.DB314CFF0FB931BEEF9AA53B4DBABDC5] - (.Microsoft Corporation - Touch Keyboard and Handwriting Panel Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe [21064] [PID.9124]
[MD5.2D32F0EF950AED6AD007D042676FD39E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064] [PID.6896]
[MD5.0B50F07E63EE15383CDFDC26D7A3D3E3] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [205184] [PID.10136]
[MD5.916FC4B7BEC7A5E1DB20B6E1F0BE6D88] - (.SpeedUpMyPC - Uniblue SpeedUpMyPC Monitor.) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [26968] [PID.8236] =>Rogue.SpeedUpMyPC
[MD5.D2260E0490BC87A37EBF9AED7A7C5210] - (...) -- C:\Users\Doudou\AppData\Local\Lollipop\Lollipop.exe [3171328] [PID.8320] =>Adware.Lollipop
[MD5.B7995C675014EEBE77A0BEB7AFCCFC08] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432] [PID.7208]
[MD5.DB0C938BC311B31CF90C13821AE682B3] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1559936] [PID.3640]
[MD5.25A7E7174C622D3B8D0D2681EE87E4FA] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20792] [PID.9388]
[MD5.077D59BA0FD4007E841B6C670862B065] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.7508]
[MD5.E0B173F23D873286169995D66B9E3CDF] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.4320]
[MD5.CEED3CE0035F55A08EEEC34B5804723C] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe [1862536] [PID.8512]
[MD5.3E02FD57FDAF184A15CCAD9D9BD9C626] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8263680] [PID.10120]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoom.com =>Hijacker.NationZoom
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoom.com =>Hijacker.NationZoom
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com =>Hijacker.NationZoom
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com =>Hijacker.NationZoom
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Storimbo [64Bits] - {ddac750c-59da-4bb6-9ee7-ead55ebe0b64} . (.Storimbo - Storimbo.) -- C:\Program Files (x86)\Storimbo\Storimbobho.dll =>PUP.Storimbo
O2 - BHO: Lync Click to Call BHO [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Clé orpheline
~ BHO: 6 Legitimates Filtered in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: ASUS Install.lnk . (.ASUSTek Computer INC. - AsInsWiz.) -- C:\eSupport\eDriver\AsInsWiz.exe
O4 - GS\Desktop [Public]: ASUS Instant Connect Installer.lnk . (...) -- C:\windows\Installer\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}\_77CD0D17CE4BC69D3FCD39.exe
O4 - GS\Desktop [Public]: ASUS Tutor.lnk . (...) -- C:\windows\Installer\{58172D66-2F69-4215-9AEC-ED8196023736}\_E2D96973328BFA48EC703B.exe
O4 - GS\Desktop [Public]: eManual.Lnk . (.ASUSTek Computer Inc. - EManual Application.) -- C:\eSupport\Manual\eManual.exe
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: WebStorage.lnk . (.ASUS Cloud Corporation - ASUS WebStorage Panel.) -- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Intel AT Service.lnk . (...) -- C:\Program Files (x86)\mcafee\msc\OOBE\ATLauncher.exe (.not file.)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Doudou]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\QuickLaunch [Doudou]: SpeedUpMyPC.lnk . (.SpeedUpMyPC - Uniblue SpeedUpMyPC.) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe =>Rogue.SpeedUpMyPC
O4 - GS\TaskBar [Doudou]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Doudou]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Doudou]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\Program [Doudou]: Lollipop.lnk . (...) -- C:\Users\Doudou\AppData\Local\Lollipop\Lollipop.exe =>Adware.Lollipop
~ Global Startup: 46 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O4 - GS\Startup [Doudou]: MyPC Backup.lnk . (.MyPCBackup.com - MyPC Backup.) -- C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe =>PUP.MyPCBackup
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [DptfPolicyLpmServiceHelper] . (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Frame.) -- C:\Windows\system32\DptfPolicyLpmServiceHelper.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll
O4 - HKCU\..\Run: [lollipop] . (...) -- c:\users\doudou\appdata\local\lollipop\lollipop.exe =>Adware.Lollipop
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files (x86)\ASUS\APRP\APRP.exe
O4 - HKLM\..\Wow6432Node\Run: [ASUSWebStorage] . (.ASUS Cloud Corporation - ASUS WebStorage Panel.) -- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [ATLauncher] . (.McAfee, Inc. - ATLauncher.) -- C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe
O4 - HKLM\..\Wow6432Node\Run: [ATUninstallIcon] . (.McAfee, Inc. - ATLauncher.) -- C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8D0260E-2F54-461D-8621-7CC61E1AEB6D}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{E267BD1C-9D36-4B09-90D7-AEE75B160AB6}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8D0260E-2F54-461D-8621-7CC61E1AEB6D}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{A8D0260E-2F54-461D-8621-7CC61E1AEB6D}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{E267BD1C-9D36-4B09-90D7-AEE75B160AB6}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{A8D0260E-2F54-461D-8621-7CC61E1AEB6D}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 311.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) . (.Just Develop It - Backup Stack.) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup
O23 - Service: Update Storimbo (Update Storimbo) . (...) - C:\Program Files (x86)\Storimbo\updateStorimbo.exe =>PUP.Storimbo
O23 - Service: Wpm Service (Wpm) . (.Cherished Technololgy LIMITED - WPM Service.) - C:\ProgramData\WPM\wprotectmanager.exe
~ Services: 30 Legitimates Filtered in 00mn 13s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SpeedUpMyPC.job [280] =>Rogue.SpeedUpMyPC
[MD5.C81E206D2DDBD18396506C2978F2C6BA] [APT] [ASUS Splendid ColorU] (...) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [171224]
[MD5.8F96BB27036090754B997ACBE55398E9] [APT] [SpeedUpMyPC] (.SpeedUpMyPC.) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe [395608] =>Rogue.SpeedUpMyPC
~ Scheduled Task: 16 Legitimates Filtered in 00mn 12s



---\\ Logiciels installés (O42)
O42 - Logiciel: Lollipop - (.Lollipop Network, S.L..) [HKCU][64Bits] -- lollipop =>Adware.Lollipop
O42 - Logiciel: MyPC Backup - (.MyPC Backup.) [HKLM][64Bits] -- MyPC Backup =>PUP.MyPCBackup
O42 - Logiciel: Storimbo - (.Storimbo.) [HKLM][64Bits] -- Storimbo =>PUP.Storimbo
O42 - Logiciel: WPM17.8.0.3159 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- WPM
~ Logic: 33 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Storimbo] =>PUP.Storimbo
[HKLM\Software\Wow6432Node\Storimbo] =>PUP.Storimbo
[HKLM\Software\Wow6432Node\supWPM]
~ Key Software: 201 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/12/2013 - 15:11:05 - [27,154] ----D C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 02/12/2013 - 15:02:08 - [0,538] ----D C:\Program Files (x86)\Storimbo =>PUP.Storimbo
O43 - CFD: 02/12/2013 - 15:01:06 - [0,477] ----D C:\ProgramData\WPM
O43 - CFD: 02/12/2013 - 15:01:15 - [3,366] ----D C:\Users\Doudou\AppData\Local\Lollipop =>Adware.Lollipop
O43 - CFD: 02/12/2013 - 15:11:01 - [0,002] ----D C:\Users\Doudou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup =>PUP.MyPCBackup
~ Program Folder: 102 Legitimates Filtered in 00mn 12s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.429AACF672F757294C735FCC66CCC531] - 01/12/2013 - 11:04:46 ---A- - C:\Windows\Prefetch\MCMIGR~1.EXE-564F8E99.pf
O45 - LFCP:[MD5.9045578FD08054AF403CEC63F884C884] - 01/12/2013 - 18:16:05 ---A- - C:\Windows\Prefetch\MCVSSHLD.EXE-71926677.pf
O45 - LFCP:[MD5.F3597F26A3F01567B4AABB4E6335C5A0] - 02/11/2013 - 12:58:37 ---A- - C:\Windows\Prefetch\CLEANUPTXRLOGS.EXE-E3BABE71.pf
O45 - LFCP:[MD5.719A0F50DD03F7A48E18F50592CD2C8A] - 02/12/2013 - 11:04:46 ---A- - C:\Windows\Prefetch\MCMIGRATOR.EXE-B8880D01.pf
O45 - LFCP:[MD5.E2D0524CB4FCED2B5A0129DF9E23747C] - 02/12/2013 - 14:56:28 ---A- - C:\Windows\Prefetch\MCVSSHLD.EXE-F69E7D8B.pf
O45 - LFCP:[MD5.FFFF6CF55B6F6D6EB854A06F06B2485E] - 02/12/2013 - 14:56:49 ---A- - C:\Windows\Prefetch\WSHOST.EXE-05F0A3AF.pf
O45 - LFCP:[MD5.FB413A3DC24EE59975079F5759A3C16B] - 02/12/2013 - 15:00:04 ---A- - C:\Windows\Prefetch\INSTALLER.EXE-0C33B29A.pf
O45 - LFCP:[MD5.DB668FFC75F6AED223F110FC04FBD103] - 02/12/2013 - 15:00:34 ---A- - C:\Windows\Prefetch\SPEEDUPMYPC.EXE-9EBABE62.pf =>Rogue.SpeedUpMyPC
O45 - LFCP:[MD5.E909A0CC02694FB046D483C8A5801EBB] - 02/12/2013 - 15:00:37 ---A- - C:\Windows\Prefetch\TUGS_NATIONZOOM.EXE-6A3EC6EF.pf =>Hijacker.NationZoom
O45 - LFCP:[MD5.DBB71271E25B26320DF487819064B925] - 02/12/2013 - 15:00:44 ---A- - C:\Windows\Prefetch\SPEEDUPMYPC.TMP-91C22D17.pf =>Rogue.SpeedUpMyPC
O45 - LFCP:[MD5.EECD55A3897C03D261AD3761262B0CC6] - 02/12/2013 - 15:00:46 ---A- - C:\Windows\Prefetch\LOLLIPOPINSTALLER_14656.EXE-F1C74E95.pf =>Adware.Lollipop
O45 - LFCP:[MD5.6858337B489B4B0735E22BC785522C25] - 02/12/2013 - 15:01:04 ---A- - C:\Windows\Prefetch\BAOFENG.EXE-9368348B.pf
O45 - LFCP:[MD5.4EFBF961B18A4D3CB05269B36C3378FB] - 02/12/2013 - 15:01:13 ---A- - C:\Windows\Prefetch\NEWGDP.EXE-B09E4303.pf
O45 - LFCP:[MD5.7804E43A0F3E542C0A95F3EFA3B707C6] - 02/12/2013 - 15:01:16 ---A- - C:\Windows\Prefetch\WPROTECTMANAGER.EXE-D98082CE.pf
O45 - LFCP:[MD5.3DE24328E65113F4BDD734E8E799BFC1] - 02/12/2013 - 15:01:49 ---A- - C:\Windows\Prefetch\SPEEDUPMYPC-STANDALONE-SETUP.-8CBAF1B0.pf =>Rogue.SpeedUpMyPC
O45 - LFCP:[MD5.BEB33537B3828B02FB1DD51F3598F99B] - 02/12/2013 - 15:01:51 ---A- - C:\Windows\Prefetch\SPEEDUPMYPC-STANDALONE-SETUP.-992FEDDB.pf =>Rogue.SpeedUpMyPC
O45 - LFCP:[MD5.2A3CD27805A0580EBC1CAEDB8C078C17] - 02/12/2013 - 15:01:57 ---A- - C:\Windows\Prefetch\POWERSHELL.EXE-E69E0788.pf
O45 - LFCP:[MD5.35483DCAA312DF7A1EC955DA629646C1] - 02/12/2013 - 15:02:18 ---A- - C:\Windows\Prefetch\UPDATESTORIMBO.EXE-2D2E5F18.pf =>PUP.Storimbo
O45 - LFCP:[MD5.945924A6D7604BB471FBE6C5F3E64DCD] - 02/12/2013 - 15:11:11 ---A- - C:\Windows\Prefetch\MYPC BACKUP.EXE-D2D9F9B9.pf =>PUP.MyPCBackup
O45 - LFCP:[MD5.5F2A12395C56EA07077D990B7DC63101] - 02/12/2013 - 16:02:19 ---A- - C:\Windows\Prefetch\SPNOTIFIER.EXE-FC35DDED.pf
O45 - LFCP:[MD5.488DDAA93906EDF352E45096BA9CC843] - 02/12/2013 - 17:54:25 ---A- - C:\Windows\Prefetch\LAUNCHTM.EXE-B444BC8E.pf
O45 - LFCP:[MD5.BA01CEE7F6CA279FA03B791550435919] - 02/12/2013 - 17:55:49 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf
O45 - LFCP:[MD5.3466EDCFC73CE23CFEE43AE9003DDE21] - 02/12/2013 - 18:29:58 ---A- - C:\Windows\Prefetch\DPTFPOLICYLPMSERVICEHELPER.EX-8EC05A62.pf
O45 - LFCP:[MD5.243F25184EB0E07D0C5EEEC265BAC4B4] - 02/12/2013 - 18:30:01 ---A- - C:\Windows\Prefetch\LOLLIPOP.EXE-20BECB1B.pf =>Adware.Lollipop
O45 - LFCP:[MD5.BBAA6456B31BD20A3C82D25EFE8991BE] - 02/12/2013 - 18:30:15 ---A- - C:\Windows\Prefetch\PDVD10SERV.EXE-99C8A7B5.pf
O45 - LFCP:[MD5.1A1B55E7534BEB76F07CBDFEC826B26B] - 02/12/2013 - 18:39:16 ---A- - C:\Windows\Prefetch\SETUP-STUB.EXE-3297AB2D.pf
O45 - LFCP:[MD5.6B87C8E19B0BE4705D2CCDC402779C25] - 02/12/2013 - 18:40:09 ---A- - C:\Windows\Prefetch\DOWNLOAD.EXE-D8EA3C9A.pf
O45 - LFCP:[MD5.FCD402C8D1EA81587EED09CB02568672] - 02/12/2013 - 19:51:08 ---A- - C:\Windows\Prefetch\METROTOAST.EXE-33E105E7.pf
O45 - LFCP:[MD5.5C3C52E365AC4F660F0355D8AB1205AA] - 02/12/2013 - 19:51:12 ---A- - C:\Windows\Prefetch\MCSVHOST.EXE-A6A2EB7B.pf
O45 - LFCP:[MD5.5C79F4034132C7906CF9D8213D27D677] - 02/12/2013 - 19:52:07 ---A- - C:\Windows\Prefetch\MCUPD.EXE-54E5571E.pf
O45 - LFCP:[MD5.8BA651530A3A67CA556DCA0C5516B10E] - 09/11/2013 - 21:06:09 ---A- - C:\Windows\Prefetch\MAP.EXE-64827744.pf
O45 - LFCP:[MD5.8E490335764EFD5BE9E025DD980882C7] - 09/11/2013 - 21:23:14 ---A- - C:\Windows\Prefetch\AUTHHOST.EXE-44C90B62.pf
O45 - LFCP:[MD5.EE94C2C50DAB5744933C85A03067EF5D] - 15/11/2013 - 18:15:39 ---A- - C:\Windows\Prefetch\INTEGRATEDOFFICE.EXE-DFB67DA0.pf
O45 - LFCP:[MD5.C7B7FF353E10442D466DCEAD36EA407C] - 29/11/2013 - 17:27:41 ---A- - C:\Windows\Prefetch\GLCND.EXE-DD45F588.pf
O45 - LFCP:[MD5.3FF53CA9C0061F772C7294A3E8A10A06] - 30/11/2013 - 17:39:31 ---A- - C:\Windows\Prefetch\dynreservedpri.db
~ Prefetcher: 243 Legitimates Filtered in 00mn 01s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.A8080BEBCDB7A16495CE1205921DCAC5] - 02/08/2012 - 04:22:48 ---A- . (.Pas de propriétaire - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [14992]
O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
~ Drivers: 19 Legitimates Filtered in 00mn 04s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 02/12/2013 - 20:40:52 ---A- . (...) -- C:\Users\Doudou\AppData\Local\Lollipop\Lollipop.exe [3171328] =>Adware.Lollipop
O61 - LFC: 02/12/2013 - 20:40:52 ---A- . (...) -- C:\Users\Doudou\AppData\Local\Lollipop\logo.ico [17542] =>Adware.Lollipop
O61 - LFC: 02/12/2013 - 20:40:52 ---A- . (...) -- C:\Users\Doudou\AppData\Local\Lollipop\lollipop.bat [336] =>Adware.Lollipop
O61 - LFC: 02/12/2013 - 20:40:52 ---A- . (...) -- C:\Users\Doudou\AppData\Local\Lollipop\lollipop.dat [2048] =>Adware.Lollipop
O61 - LFC: 02/12/2013 - 20:40:52 ---A- . (...) -- C:\Users\Doudou\AppData\Local\Lollipop\lollipop.lpd [4016] =>Adware.Lollipop
O61 - LFC: 02/12/2013 - 20:40:52 ---A- . (...) -- C:\Users\Doudou\AppData\Local\Lollipop\lollipop_cfg.lpd [333250] =>Adware.Lollipop
O61 - LFC: 02/12/2013 - 20:40:52 ---A- . (...) -- C:\Users\Doudou\AppData\Local\Lollipop\lollipop_ps.lpd [1498] =>Adware.Lollipop
O61 - LFC: 02/12/2013 - 20:41:30 ---A- . (...) -- C:\Users\Doudou\AppData\Roaming\ZHP\Log.txt [16634] =>.Nicolas Coolman
O61 - LFC: 02/12/2013 - 20:41:30 ---A- . (...) -- C:\Users\Doudou\AppData\Roaming\ZHP\TestsZHPDiag.txt [2871] =>.Nicolas Coolman
O61 - LFC: 02/12/2013 - 20:41:30 ---A- . (...) -- C:\Users\Doudou\AppData\Roaming\sp_data.sys [62]
O61 - LFC: 02/12/2013 - 20:41:30 ---A- . (...) -- C:\Users\Doudou\Downloads\adwcleaner.exe [1110034]
~ 41 Fichiers temporaires (Temporary files)
~ Files: 225 Legitimates Filtered in 00mn 38s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (nationzoom) - http://www.nationzoom.com =>Hijacker.NationZoom
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (...) -- C:\ProgramData\SetStretch.exe [24576]
[MD5.858D895AD40DE9779E78C39A116F9553] [SPRF][02/12/2013] (...) -- C:\Users\Doudou\AppData\Local\Temp\BackupSetup.exe [10355400]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][28/10/2013] (...) -- C:\Users\Doudou\AppData\Local\Temp\ood_stream.x86.fr-fr.dat [0]
[MD5.EBCF25E3C6F267F7B08B9AE107E33353] [SPRF][02/12/2013] (...) -- C:\Users\Doudou\AppData\Roaming\sp_data.sys [62]
~ Files: 7 Legitimates Filtered in 00mn 01s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 18/11/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 19/09/2013 38440 | (BackupStack) . (.Just Develop It.) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup
SS - | Demand 15/10/2012 277024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 06/09/2013 288776 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
SS - | Demand 02/08/2013 602944 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Auto 11/05/2012 200728 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 13/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 27/11/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 03/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 05/10/2012 110976 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
SR - | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 18/01/2013 31632 | (DptfParticipantProcessorService) . (.Intel Corporation.) - C:\Windows\System32\DptfParticipantProcessorService.exe
SR - | Auto 18/01/2013 33168 | (DptfPolicyConfigTDPService) . (.Intel Corporation.) - C:\Windows\System32\DptfPolicyConfigTDPService.exe
SR - | Auto 18/01/2013 39824 | (DptfPolicyLpmService) . (.Intel Corporation.) - C:\Windows\System32\DptfPolicyLpmService.exe
SR - | Auto 30/07/2013 328928 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 24/09/2013 178048 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Demand 24/07/2013 334608 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe
SR - | Auto 30/07/2013 328928 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McOobeSv2) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McSchedulerSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 20/09/2013 1017016 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 24/09/2013 219272 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 24/09/2013 182752 | (mfevtp) . (.McAfee, Inc..) - C:\windows\system32\mfevtps.exe
SR - | Auto 30/07/2013 328928 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 10/01/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 10/01/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 19/11/2013 66848 | (Update Storimbo) . (...) - C:\Program Files (x86)\Storimbo\updateStorimbo.exe =>PUP.Storimbo
SR - | Auto 20/12/2012 45488 | (WakeupService) . (.ASUSTek Computer Inc..) - C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 02/12/2013 499856 | (Wpm) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\WPM\wprotectmanager.exe

~ Services: Scanned in 00mn 12s



---\\ Infection check on the Master Boot Record (MBR)(O80)
Run by Doudou at 02/12/2013 20:43:52
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Infection check on the Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Doudou at 02/12/2013 20:43:55

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Additional Scan (O88)
Database Version : 13007 - (01/12/2013)
Clés trouvées (Keys found) : 12
Valeurs trouvées (Values found) : 6
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 6

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDAC750C-59DA-4BB6-9EE7-EAD55EBE0B64}] =>PUP.Storimbo^
[HKLM\SYSTEM\CurrentControlSet\Services\MyPC Backup) (BackupStack] =>PUP.MyPCBackup^
[HKLM\SYSTEM\CurrentControlSet\Services\Update Storimbo] =>PUP.Storimbo^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop] =>Adware.Lollipop^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup] =>PUP.MyPCBackup^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Storimbo] =>PUP.Storimbo^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1] =>Rogue.SpeedUpMyPC
[HKLM\Software\Classes\SpeedUpMyPC] =>Rogue.SpeedUpMyPC
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:lollipop =>Adware.Lollipop^
C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup^
C:\Program Files (x86)\Storimbo =>PUP.Storimbo^
C:\Users\Doudou\AppData\Local\Lollipop =>Adware.Lollipop^
C:\Users\Doudou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup =>PUP.MyPCBackup^
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe =>Rogue.SpeedUpMyPC^
C:\Users\Doudou\AppData\Local\Lollipop\Lollipop.exe =>Adware.Lollipop^
C:\Windows\Tasks\SpeedUpMyPC.job =>Rogue.SpeedUpMyPC^
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe =>Rogue.SpeedUpMyPC^
[HKCU\Software\Storimbo] =>PUP.Storimbo^
[HKLM\Software\Wow6432Node\Storimbo] =>PUP.Storimbo^
~ Additionnel Scan: 187975 Items scanned in 00mn 44s



---\\ Summary of detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/33047509-rogue-speedupmypc =>Rogue.SpeedUpMyPC
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blog/show/38126906-hijacker-nationzoom =>Hijacker.NationZoom
~ http://nicolascoolman.webs.com/apps/blog/show/38130097-pup-storimbo =>PUP.Storimbo
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/27672211-pup-v9software =>PUP.V9Software
~ MSI: 6 link(s) detected in 00mn 44s



~ 1535 Legitimates filtered by white list
End of the scan (525 lines in 06mn 40s)(0)
